As remote access to computer systems and applications grows in popularity, the number and variety of transactions which are accessed remotely over public networks such as the Internet has increased dramatically. This popularity has underlined a need for security; in particular: how to ensure that people who are remotely accessing an application are who they claim they are, how to ensure that transactions being conducted remotely are initiated by legitimate individuals, and how to ensure that transaction data has not been altered before being received at an application server.
In the past, application providers have relied on static passwords to provide the security for remote applications. In recent years it has become evident that static passwords are not sufficient and that more advanced security technology is required.
An authentication technology which offers a significantly higher security level than static passwords is offered by ‘strong authentication token devices’. Typical examples of strong authentication tokens are the products of the DIGIPASS® line, commercialized by Vasco Data Security Inc. of Chicago, Ill. (see the website http://www.vasco.com). A strong authentication token is an autonomous battery-powered device, dedicated to providing authentication and/or transaction signature functions, usually pocket-size, with its own display and keypad. In some cases the keypad is reduced to a single button or even completely omitted; in other cases the keypad can be a full keyboard. The display and keypad of a typical strong authentication token are non-removable and not user-serviceable, fully controlled by the token, and immune to interference by malicious software on a host computer. Therefore strong authentication tokens are considered to have a trustworthy user interface in contrast to, for example, PCs where there is always the possibility that malicious software such as a virus or a Trojan presents fake messages to the user, or captures whatever the user enters on the keypad, or reads sensitive data associated with a security application in memory, or alters data before they are signed.
The main purpose of a strong authentication token is to generate dynamic security values which are usually referred to as ‘One-Time Passwords’ (OTPs) or dynamic passwords. Typically these OTPs are generated by cryptographically combining a secret that is shared between the token and a verification or authentication server with a dynamic value such as a time value, a counter value or a server challenge that is provided to the token, or a combination of these.
Some strong authentication tokens can also use data (such as transaction data) that have been provided to the token as the dynamic value or in combination with any of the dynamic values mentioned above to generate a security value. In these cases the resulting security value is meant to indicate the user's approval of the data and the security value is usually referred to as an electronic signature or Message Authentication Code (MAC). In some cases cryptographically combining the secret with a dynamic value comprises performing a symmetric encryption or decryption algorithm (such as DES, 3DES or AES) over data related to the dynamic value and using the secret as a symmetric encryption or decryption key. In some cases cryptographically combining the secret with a dynamic value comprises performing a cryptographic hash function (such as SHA-1) that is keyed with the secret and using the data related to the dynamic value as input data to the hash function. Some strong authentication tokens consist of a device with a display and a keypad that is capable of communicating with an inserted smart card whereby the generation of the OTPs or MACs is partly done by the device itself and partly by the inserted smart card.
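The keyed-hash variant described above, for counter, time, challenge and transaction data as the dynamic value, as an added example that is not code from this document or from any token vendor. It assumes HMAC-SHA-1 as the keyed hash and the decimal truncation of RFC 4226 to obtain display digits; the function names, the `challenge:`/`sign:` prefixes and the field encoding are hypothetical.

```python
import hashlib
import hmac
import struct
from typing import Iterable

def _truncate(digest: bytes, digits: int) -> str:
    # Assumption: RFC 4226 dynamic truncation turns the hash into display digits.
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def security_value(secret: bytes, dynamic: bytes, digits: int = 6) -> str:
    """Keyed hash (HMAC-SHA-1) of the dynamic value under the shared secret."""
    return _truncate(hmac.new(secret, dynamic, hashlib.sha1).digest(), digits)

def otp_from_counter(secret: bytes, counter: int) -> str:
    return security_value(secret, struct.pack(">Q", counter))

def otp_from_time(secret: bytes, unix_time: int, step: int = 30) -> str:
    # Time-based: the dynamic value is the number of elapsed time steps.
    return otp_from_counter(secret, unix_time // step)

def otp_from_challenge(secret: bytes, challenge: str) -> str:
    # Challenge-response: the server supplies the dynamic value.
    return security_value(secret, b"challenge:" + challenge.encode())

def sign_transaction(secret: bytes, fields: Iterable[str], counter: int) -> str:
    # Length-prefix each field so ("12", "345") and ("123", "45") cannot collide.
    data = b"sign:" + struct.pack(">Q", counter)
    for field in fields:
        raw = field.encode()
        data += struct.pack(">H", len(raw)) + raw
    return security_value(secret, data, digits=8)

def server_verify(secret: bytes, fields: Iterable[str], counter: int, presented: str) -> bool:
    # The server recomputes the value with its copy of the secret; constant-time compare.
    return hmac.compare_digest(sign_transaction(secret, fields, counter), presented)

if __name__ == "__main__":
    secret = b"12345678901234567890"          # sample secret (RFC 4226 test key)
    tx = ("BE00 0000 0000 0000", "250.00")    # constructed account and amount
    mac = sign_transaction(secret, tx, counter=7)
    print(otp_from_counter(secret, 0), otp_from_time(secret, 59), mac)
    print(server_verify(secret, tx, 7, mac))                    # unaltered data
    print(server_verify(secret, (tx[0], "9250.00"), 7, mac))    # altered amount
```

Verification recomputes the value from the same secret, so every server able to verify a token's output is also able to generate it.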
A typical way to provide data to a strong authentication token is by letting the user enter the data manually on the token's keypad. When the amount of data that has to be entered in this way exceeds a few dozen characters, this process may be perceived by users as too cumbersome.
A typical way to provide the generated OTPs or MACs from the authentication token to the system that needs to verify them consists of the token displaying the generated OTP or MAC on its display and the user copying the displayed OTP or MAC into his or her PC (or other internet access device), which transmits this OTP or MAC to the application or authentication server where the validity of the OTP or MAC can then be verified. This, however, also requires some actions from the user that may be perceived as inconvenient.
Strong authentication tokens usually rely on symmetric cryptographic mechanisms to generate OTPs or MACs using symmetric secret keys that are shared between a strong authentication token and a verification server. This can be problematic if a user would like to use his or her token with several applications since all these application servers would then have to share the token's secret key(s) which in turn has the potential of creating security risks.
Another aspect of dedicated hardware strong authentication tokens is that they inevitably have a certain non-zero minimal cost. This can sometimes make the dedicated hardware strong authentication tokens less attractive for a number of applications for which the cost per user can sometimes be a critical factor.
What is needed is an authentication mechanism which offers on the one hand the same level of security as strong authentication tokens, but which on the other hand is very convenient for the user and can be easily used with several applications or application providers and is very cost-effective.